Side by Side Diff: sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc

Issue 550473002: Linux sandbox: whitelist allowed Futex operations. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Move Android futex definitions to the existing separate file. Created 6 years, 3 months ago
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h" 5 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h"
6 6
7 #include <errno.h> 7 #include <errno.h>
8 #include <fcntl.h> 8 #include <fcntl.h>
9 #include <fcntl.h> 9 #include <fcntl.h>
10 #include <linux/futex.h> 10 #include <linux/futex.h>
11 #include <linux/net.h> 11 #include <linux/net.h>
12 #include <sched.h> 12 #include <sched.h>
13 #include <signal.h> 13 #include <signal.h>
14 #include <sys/ioctl.h> 14 #include <sys/ioctl.h>
15 #include <sys/mman.h> 15 #include <sys/mman.h>
16 #include <sys/prctl.h> 16 #include <sys/prctl.h>
17 #include <sys/stat.h> 17 #include <sys/stat.h>
18 #include <sys/types.h> 18 #include <sys/types.h>
19 #include <unistd.h> 19 #include <unistd.h>
20 20
21 #include "base/basictypes.h" 21 #include "base/basictypes.h"
22 #include "base/logging.h" 22 #include "base/logging.h"
23 #include "base/macros.h" 23 #include "base/macros.h"
24 #include "build/build_config.h" 24 #include "build/build_config.h"
25 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" 25 #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
26 #include "sandbox/linux/seccomp-bpf/linux_seccomp.h" 26 #include "sandbox/linux/seccomp-bpf/linux_seccomp.h"
27 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h" 27 #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
28
29 #if defined(OS_ANDROID)
30
28 #include "sandbox/linux/services/android_futex.h" 31 #include "sandbox/linux/services/android_futex.h"
29 32
30 #if defined(OS_ANDROID)
31 #if !defined(F_DUPFD_CLOEXEC) 33 #if !defined(F_DUPFD_CLOEXEC)
32 #define F_DUPFD_CLOEXEC (F_LINUX_SPECIFIC_BASE + 6) 34 #define F_DUPFD_CLOEXEC (F_LINUX_SPECIFIC_BASE + 6)
33 #endif 35 #endif
34 #endif 36
37 #endif // defined(OS_ANDROID)
35 38
36 #if defined(__arm__) && !defined(MAP_STACK) 39 #if defined(__arm__) && !defined(MAP_STACK)
37 #define MAP_STACK 0x20000 // Daisy build environment has old headers. 40 #define MAP_STACK 0x20000 // Daisy build environment has old headers.
38 #endif 41 #endif
39 42
40 #if defined(__mips__) && !defined(MAP_STACK) 43 #if defined(__mips__) && !defined(MAP_STACK)
41 #define MAP_STACK 0x40000 44 #define MAP_STACK 0x40000
42 #endif 45 #endif
43 namespace { 46 namespace {
44 47
200 } 203 }
201 case __NR_tkill: 204 case __NR_tkill:
202 return CrashSIGSYSKill(); 205 return CrashSIGSYSKill();
203 default: 206 default:
204 NOTREACHED(); 207 NOTREACHED();
205 return CrashSIGSYS(); 208 return CrashSIGSYS();
206 } 209 }
207 } 210 }
208 211
209 ResultExpr RestrictFutex() { 212 ResultExpr RestrictFutex() {
210 // In futex.c, the kernel does "int cmd = op & FUTEX_CMD_MASK;". We need to 213 const int kAllowedFutexFlags = FUTEX_PRIVATE_FLAG | FUTEX_CLOCK_REALTIME;
211 // make sure that the combination below will cover every way to get 214 const int kOperationMask = ~kAllowedFutexFlags;
212 // FUTEX_CMP_REQUEUE_PI. 215 const int kAllowedFutexOperations[] = {
213 const int kBannedFutexBits = 216 FUTEX_WAIT, FUTEX_WAKE, FUTEX_FD, FUTEX_REQUEUE,
Mark Seaborn 2014/09/06 00:29:28 You shouldn't need FUTEX_FD. The man page says "B
214 ~(FUTEX_CMD_MASK | FUTEX_PRIVATE_FLAG | FUTEX_CLOCK_REALTIME); 217 FUTEX_CMP_REQUEUE, FUTEX_WAKE_OP, FUTEX_WAIT_BITSET, FUTEX_WAKE_BITSET};
215 COMPILE_ASSERT(0 == kBannedFutexBits,
216 need_to_explicitly_blacklist_more_bits);
217 218
218 const Arg<int> op(1); 219 const Arg<int> op(1);
219 return If(op == FUTEX_CMP_REQUEUE_PI || op == FUTEX_CMP_REQUEUE_PI_PRIVATE || 220
220 op == (FUTEX_CMP_REQUEUE_PI | FUTEX_CLOCK_REALTIME) || 221 BoolExpr IsAllowedOp = (op & kOperationMask) == kAllowedFutexOperations[0];
221 op == (FUTEX_CMP_REQUEUE_PI_PRIVATE | FUTEX_CLOCK_REALTIME), 222 for (size_t i = 1; i < arraysize(kAllowedFutexOperations); ++i) {
222 CrashSIGSYSFutex()).Else(Allow()); 223 IsAllowedOp =
224 IsAllowedOp || ((op & kOperationMask) == kAllowedFutexOperations[i]);
Mark Seaborn 2014/09/06 00:29:28 Does this end up calculating "op & kOperationMask"
jln (very slow on Chromium) 2014/09/06 00:36:48 Yep. mdempsky is implementing better support in th
mdempsky 2014/09/06 00:38:10 Currently, yes. I'm hoping we can make the compil
225 }
226 return If(IsAllowedOp, Allow()).Else(CrashSIGSYSFutex());
223 } 227 }
224 228
225 } // namespace sandbox. 229 } // namespace sandbox.
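Review bot: The rewritten RestrictFutex body drops the rationale the old comment carried — that the kernel decodes the command as `op & FUTEX_CMD_MASK` — and nothing now explains why masking off only FUTEX_PRIVATE_FLAG and FUTEX_CLOCK_REALTIME is enough. I would add above kOperationMask: `// The kernel reads the command as op & FUTEX_CMD_MASK. Only FUTEX_PRIVATE_FLAG and FUTEX_CLOCK_REALTIME are masked off here, so any other bit set in op yields a value matching no entry of kAllowedFutexOperations and reaches CrashSIGSYSFutex().` The allowlist also accepts FUTEX_CLOCK_REALTIME in combination with every listed operation; if the kernel honours that flag only for a subset (it appears meaningful only for the timed-wait commands), rejecting it for the rest would tighten the filter, though the hunk is correct without that. Minor style: `IsAllowedOp` is a local variable, and the file's conventions would spell it `is_allowed_op`.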